Posted
by
timothy
on Saturday October 26, 2002 @04:58PM
from the my-credit-union-respects-mozilla dept.

robbo writes "Earlier this week, The Register ran a piece on major UK banks and E-commerce sites' refusal to support alternative browsers for online banking, and they followed up with a list of saints and sinners. The reasons vary from requiring support for proprietary technology to security. My own bank only recently started supporting Netscape 6 (but they still don't support Mozilla). Clearly, support for Mozilla, Konqueror, or Galeon are absolutely necessary if projects like GNUCash can successfully integrate online banking. How does the Slashdot crowd find their banking support? Is your bank a sinner or a saint?"

The banks are doing wrong something else; they are "developing" for certain browsers, while they/should/ be designing with accepted web standards.Then there would be less problems. Web designers and browser developers can then both spend more time on adding functionality, because they only have to support 1 peer instead of n. My bank, the Dutch ABNAMRO, states somewhere that they only support IE. But Mozilla works, although a tad ugly.

Convenient for people too lazy to write a check by hand, or go to a drive through teller, or something. Yes, some people may not have cars, but they find a way to get to work, don't they?

Banks have limits on how many teller assisted transactions one can do (usually per quarter or statement). Also, some people work during all bank hours (usually 9 to 5).

The internet may not be as secure as anyone would wish it to be, but it's still more secure than handling things in the branches. As a former teller, I can tell you that there are massive amounts of fraud that bank branches have to watch out for. With a good password your information should be safe.

I've been using online banking since the whole thing started... using the web for probably seven years, with SFNB (the first online bank, showing off S1's software), to RBC and now RBC/Centura. They've always listed such-and-such browser version requirements, and I've never had a problem using another browser before.

How many banks really *block* a given browser? And if they do, how many really wouldn't work if you masqueraded your user agent?

It sucks that these places don't officially support other browsers, but if anyone here has ever worked on an externally-facing web-based software package, you know that there is just so many combinations of things your QA department can test, and a good company will only say they support those, even if they know others would work. Its not responsible to say you support Mozilla if you've only ever tested Netscape 6, officially.

While in theory it would be great for banks to support everything out there, the reality is they just can't. They have to pick the biggest browsers and target their software for them. Imagine if they said they supported any browser available, how many different tech people would you need to sort through a problem? "Well, it works on IE, Netscape, and Opera, but Mozilla nd Konquere don't work, we need to figure out the problem and then rework the whole page." And they woudl also have to support user calls on every browser, which could also be a nightmare. This isn;t a generic website, this is banking information. They need to limit the possible ways things can break, which means they need to limit the software that can be used. If there is a problem discovered with Opera (for example) that suddenly means the information going to your browser isn't secure, people will blame the bank, not the browser. If your password gets hacked because Konquer (or IE, or whatever) does something wrong, people will hold the bank responsible, even if it's because they didn't upgrade their own browser.

Linux users, or just people who prefer alternative browsers (such as Opera)

Ahhh! This is the very cause of the problem! Why are they acting like IE is the "standard" and everything else is "alternative!" Is Ford standard, but Chevrolet alternative?

Another scary point is that these articles indicate that browser spoofing often works. This means that the only reason some of these sites don't work, is because they refuse to! There are no real incompatibilities

Since when does the minority dictate how those who must target the majority do business?

I completely agree. Only last week I had to listen to the cheek of some idiot saying how I should have put a wheelchair ramp in so he could access my store! The week before that some black guy complained because I wouldnt serve him - it's my right isnt it?

It's not too hard, for inspiration, Wired News [wirednews.com] recently switched to full xhtml compliance with css. Their stuff works fine in any compliant browser.

People who complain about "I try to write to standards but all the browsers are broken", or "you can only do $feature on a certain browser" are lazy. That was a valid excuse 5 years ago, but not today. It is easier to write the stuff compliant to begin with than play around with stupid browser detection and NS4.x workarounds.

The problem is that there is an open set of standards out there that banks should be developing to- not specific browsers. Otherwise, there isn't any point in having standards, is there?

And yes, you can code to standards without killing cross-browser compatibility. I think the idea that you can't is one of the biggest myths of web development. It takes work, but then if you are a professional that should be your job.

Generally speaking, I think these sites come around through lazy or inexperienced developers who only know or are required to use a specific set of tools because it's 'cost-effective' and/or 'faster' instead of actually doing their job.

Whether it's the developers fault or management is up in the air- probably a little bit of both.

They have a right to not support anything but Internet Explorer, but we have the same right to know about it when making a choice of whether to use their bank. If they don't support a browser I can actually use I'd say I have a right to make an informed choice to instead use one of their competitors who can.

"The week before that some black guy complained because I wouldnt serve him - it's my right isnt it?"

I knew someone would bring that up. The difference between this and what browser you use is that your skin color or physical ability usually isn't your choice. Most people don't wake up one day and say "I think I will be disabled today" or "I think I will be a minority race today". You pretty much are or you aren't, and you can't usually change it easily.

The browser you use, on the other hand, is entirely your choice. You do have the ability to use Internet Explorer. (And none of this "I use Linux so I can't use IE" stuff... you chose to use Linux as well.) For the most part, when you switch to a different browser, you are aware that some sites will not work well with that browser.

I code my pages to the XHTML standard. I refuse to support Netscape 4.x because it does not support standards. My pages don't work on Mozilla 1.0 because of a bug in Mozilla 1.0's XHTML rendering. Does that mean I should break my layout because Mozilla 1.0 has a bug, considering Mozilla 1.0 is less than one percent of my readership?

The latest browser stats [onestat.com] show that Netscape 4 has 1.2% of the market and that Mozilla 1.x has 0.8% of the market. This means that web developers need to spend more time working with the 94.9% of the population that uses Internet Explorer than the decided minority that uses another browser.

Let's face it -- all browsers have quirks. "Coding to standards" will not always solve the problem (as I mentioned above.) Thus, most web developers code for the 95% of their audience that is on IE first, and then choose to make sites compatible with minority browsers at their discretion. If you spend 50% of your development time working around bugs in Netscape 4.x (which has more market share than either Mozilla 1.x or Opera), is that an effective use of your time? If you "code to standards" and your site still doesn't work in Mozilla or Opera, is troubleshooting the problem an effective use of your time considering that those two browsers count for less than 2% of your audience? Like it or not, the answer is most often "No."

This is a ridiculous argument. The bank has no way (or right) to control how the user secures his or hers machine, so why do they care about the browser? The user can have "HackMeProxy 1.0" installed, that intercept all IP traffic and post it to Usenet for what the bank knows, and it might be what the user wants.
Face it, the bank has NO WAY of ensuring security by dictating browser type.

And if they do care about the browser, all logic would dictate that they shouldn't support IE, given the security track record IE has.

Fact is, this is entirely laziness and incompetence from the banks technical departments.

In the end though, the incompetent banks will lose out - I've already cancelled one bank account due to a ridiculously bad online bank (a 1.5MB java applet that required write access to your hard disk to write an encrypted profile that you needed to move around to any machine you wanted to access their bank from, which in itself made it useless to me, as the reason I use online banking is to be able to do my banking from anywhere I please - add to that that the applet had severe problems on anything but Windows...). While my account on it's own only accounted for a few hundred dollars a year in lost revenue for them, I'm sure I'm not the first and won't be the last they lose.

Or, as in the case of me most of the Linux users I know: Highly paid software developers, development managers, etc.

Anyway, you'd be surprised to know that most banks see colleged kids as some of their most valuable customers, as hooking a colleged kid now means they are likely to get a customer that will stay with the bank for years, will get a high paid job, will get a mortgage, credit cards, personal loans and more.

Banks have been known to go to quite some excesses to get college kids to move to their bank, including special graduate loans, high credit limits, preferable interest rates and more.

And you're right, business is about profit, not market share, which is exactly why it's important for a business such as a bank to deal with non-IE browsers:

Their cost is essentially the same - they merely need to give their tech team the right guidelines, unless their tech team consists of people who should never have done software development in the first place. The development time should be the same or LESS. The maintenance costs will DROP, as they don't have to change their site every time there's a new version of IE with different quirks.

And their potential market is then 5% larger.

All their other fixed costs stays the same, and for a bank the fixed costs are incredibly high. Adding 5% to their potential market share could easily add 10-15% to their bottom line.

reaper20, you are missing dirk's original point. If the only goal is to have a web-page be viewed properly, then you are correct: writing to standards instead of the browser is far better. Dirk's point is that banks tend to be held responsible for the security of the browsers they claim to support. Let's say they write standard code and claim their services support Opera, but then a version of Opera allows a user to pull passwords and PINs from the cache (this is a just a fictional example, guys. The bank would be sued for claiming security for an unsecure browser. The only way they can protect themselves is to torture-test their site on certain browsers and lock the other browsers out.
Now, I think there is a better solution. The banks should write their site to standard. Then, if your browser is not detected as one of the "trusted" browsers, it should bring up a disclaimer page where you must accept terms that you may not sue the bank if a security hole is found with your browser. This isn't a perfect solution, but it would at least give us some options.

Often I've been in a situation where I hear "there are things other than IE?" and "I use IE, I don't care to think about anything else" from the people calling the shots as far as the specs & what will be paid for.

Then we have to go back to them with our site stats and say "are you willing to piss off X percent of users?" Luckily they wake up then. Lately, we've reversed the position - we tell them what browsers we're supporting, and why we cut off specific support for some browser versions where we do.

There are a lot of "Internet users" who don't have any concept of the Internet beyond IE, and even scarier, they're now the ones deciding how sites should be built.

I don't think it's fair to place the blame entirely on "lazy developers".

As I see it, there are two possibilities when a bank site doesn't work with non-IE browsers:

1. The bank wanted a solution that would work with all browsers, but the developer cut corners and didn't provide it.2. The bank didn't care.

For #2, I think it's safe to say the blame lies solely with the bank.

For #1, it seems the blame is largely with the developers. After all, the site's ability to work with all browsers was either explicitly stated, or it was implied. There's no reason an ordinary person would think "I want you to build my website" would be interpreted as "I want you to build a website that only some of my customers can use". Unless the developer explicitly states that their proposal is limited to IE, the expectation is (rightfully) that there is no such limitation.

At the same time, though, any organization contracting out such a significant job has a responsibility to exercise some due diligence. Especially a financial organization, due to the need for security. They ought to do enough research (either themselves, or hire a consultant) to know how to discriminate between competing bids. And they ought to ensure before accepting a bid that the developer truly understands their requirements, and that all requirements are in the contract. If they do all that, and the developer doesn't provide everything they said they would, that's breach of contract. If the bank doesn't do its due diligence, then it has to accept a share of the blame for having a half-assed website.

Well, look at it this way. Say a big nationwide bank decides to drop its clearance by 5" for drive up tellers on all new branches being built now and in the future. Well, problem is that there are a couple brands of big SUVs that will not fit under the clearance. Fortunately, those customers that own such vehicles only compromise about ~.5% of their customer base and the bank will save millions in construction costs every year. Sucks for those car owners. Guess they have to walk into the building with much shorter hours because they CHOSE to buy those big gas-guzzling SUVs.

I don't think so. People would go apeshit or for something like that or similar. Just because it is your choice doesn't necessarily make it any different.